doina

一个小菜鸟运维工程师.

squid 实现无外网服务器访问外网

2018年7月23日 0条评论 2,598次阅读 0人点赞
环境描述:
ESC 5台主机只有一台机器有外网ip,其余4台都没有外网ip
通过配置squid实现所有主机都能访问外网

系统版本 Centos 7.3
squid版本 3.5.20

squid Server:
  外网ip: 101.89.82.***
  内网ip: 10.241.0.1

squid Client:
  内网ip: 10.241.0.2
  内网ip: 10.241.0.3
  内网ip: 10.241.0.4
  内网ip: 10.241.0.5
开始安装配置squid Server
#关闭firewalld
systemctl  stop firewalld
systemctl  disable  firewalld

#安装iptables
yum  -y install iptables-services
systemctl start iptables
systemctl enable iptables

#安装squid
yum -y install squid openssl

#备份配置文件
cp /etc/squid/squid.conf  /etc/squid/squid.conf.bak

#修改squid配置文件,修改后和修改前对比
[root@localhost ~]# diff /etc/squid/squid.conf /etc/squid/squid.conf.bak 
62c62
< cache_dir ufs /var/spool/squid 100 16 1024
---
> #cache_dir ufs /var/spool/squid 100 16 256

#初始化squid
[root@localhost ~]# squid -z              
[root@localhost ~]# 2018/07/23 21:58:42 kid1| Set Current Directory to /var/spool/squid
2018/07/23 21:58:42 kid1| Creating missing swap directories
2018/07/23 21:58:42 kid1| /var/spool/squid exists
2018/07/23 21:58:42 kid1| Making directories in /var/spool/squid/00
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/01
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/02
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/03
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/04
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/05
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/06
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/07
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/08
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/09
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/0A
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/0B
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/0C
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/0D
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/0E
2018/07/23 21:58:43 kid1| Making directories in /var/spool/squid/0F

#启动squid
systemctl  start squid 

#添加iptables规则,允许访问squid端口
iptables -I INPUT -s 10.241.0.0/16 -p tcp --dport 3128  -j ACCEPT 
service  iptables save

#将iptables的配置进行保存
service iptables save
配置squid Client
#配置前
[root@localhost ~]# curl -I http://baidu.com
curl: (6) Could not resolve host: baidu.com; Unknown error
[root@localhost ~]# curl -I https://baidu.com
curl: (6) Could not resolve host: baidu.com; Unknown error

#添加配置
export http_proxy=http://10.241.0.1:3128
export https_proxy=http://10.241.0.1:3128
echo "export http_proxy=http://10.241.0.1:3128"  >> /etc/profile
echo "export https_proxy=http://10.241.0.1:3128"  >> /etc/profile

#测试
[root@localhost ~]# curl  -I http://baidu.com
HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 14:45:42 GMT
Server: Apache
Last-Modified: Tue, 12 Jan 2010 13:48:00 GMT
ETag: "51-47cf7e6ee8400"
Accept-Ranges: bytes
Content-Length: 81
Cache-Control: max-age=86400
Expires: Tue, 24 Jul 2018 14:45:42 GMT
Content-Type: text/html
Age: 456
X-Cache: HIT from localhost.localdomain
X-Cache-Lookup: HIT from localhost.localdomain:3128
Via: 1.1 localhost.localdomain (squid/3.5.20)
Connection: keep-alive

[root@localhost ~]# curl -I https://baidu.com
HTTP/1.1 200 Connection established

HTTP/1.1 302 Moved Temporarily
Server: bfe/1.0.8.18
Date: Mon, 23 Jul 2018 14:53:22 GMT
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: http://www.baidu.com/

[root@localhost ~]# curl ip.cn
当前 IP:101.89.82.*** 来自:上海市 电信
点赞
知识共享许可协议
本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可

发表评论

邮箱地址不会被公开。

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据